<?php include "../db/db_connect.php"; ?>

<?php
    $username = trim($_POST["username"]);
    $password = md5($_POST["password"]);
	
	$qry = "select user_id from user where user_name=\"{$username}\" and user_password=\"{$password}\"";
	$ds = mysql_query($qry, $con);
	$data = mysql_fetch_array($ds);
?>

<?php include "../db/db_close.php"; ?>

<?php
    if ($data != "") { // username and password match
	    session_start();
        $_SESSION['uname'] = $username;
        $_SESSION['uid'] = $data[0]['user_id'];
	
        header("Location: ../../index.php");
	}
	else {
	    header("Location: ../../login.php?e=1");
	}
?>